[Pkg-netatalk-devel] CVE fixes for netatalk in oldstable

Jonas Smedegaard jonas at jones.dk
Thu Aug 31 08:20:04 BST 2023 

Quoting Daniel Markstedt (2023-08-31 07:23:52)
> Great feedback, thanks for taking the time to break this down.
> There's definitely some cultural adjustment remaining for me!
> 
> The reason I cc'ed Markus specifically is because he was the one who took action on each of the CVE and regression patches for the Buster package over the last few months.
> Your point is that if I want Markus's attention, I cc the Security Team ML and let them respond in accordance to their internal process, right?

Correct!

Just because Markus spoke on behalf of the team in the past is no good
reason for you to insist that he continue to do so.


> Good idea to increase the severity of the ticket. Done!

Good.  But oddly, Adam lowered severity again 6 hours later, without
explanation.

I suggest that you post to the bugreport, X-Debbugs-Cc him, to (kindly!)
ask for clarification.  But read below about X-Debbugs-Cc...


> Not sure if I succeeded in cc'ing this ML though.

I am not sure either.  I always put X-Debbugs-Cc: as a _real_ email
header, and am not sure it gets detected as pseudo-header in content.

Perhaps Debbugs documentation says something explicitly about that.


> Anyhow, I'm definitely planning to transition to the CLI interfaces for debian bugs shortly.
> I finally have a reliable SMTP server that I can use, as well as a physical machine for Debian.
> So far I've been using a bunch of transient VMs on a Windows PC for development (sorry!)

No need for apology - I am just happy for you that it sounds like you've
lived with a painful workaround and soon can be releaved of that :-)


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-netatalk-devel/attachments/20230831/055f6f61/attachment.sig>

More information about the pkg-netatalk-devel mailing list